System Engineer 2

Tensley Consulting, Inc.

Posted today
Top Secret/SCI
$180,000 - $225,000
Polygraph
IT - Security
Annapolis, MD (On-Site/Office)

Overview

We are seeking a highly skilled Blue/Purple Team Security Engineer to support enterprise security operations, incident response, detection engineering, and compliance within a Zero Trust environment. This role blends defensive security engineering, adversary emulation support, SOC optimization, and ISSO responsibilities, with a strong emphasis on Elastic (XDR/SIEM), ACAS, detection-as-code, and automation.

The ideal candidate is hands-on, collaborative, and comfortable operating across security operations, engineering, compliance, and executive communication.

Key Responsibilities

Blue / Purple Team Operations
  • Partner with internal Red Team and Pen Testers to support adversary emulation and Purple Team exercises
  • Analyze attacker techniques and behaviors to improve detections, prevention strategies, and overall security posture
  • Continuously improve defensive controls to reduce organizational risk


Incident Response & SOC Enablement
  • Lead and participate in incident response testing ("fire drills") across approved endpoints and servers
  • Validate SOC tools, alerting, and workflows during simulated and real-world events
  • Evaluate and improve Incident Response Plans to ensure operational readiness


Detection Engineering & Elastic (XDR/SIEM)
  • Serve as a primary user and functional owner of Elastic Defend (XDR)
  • Design, build, and maintain security dashboards using Elastic query languages
  • Develop and maintain Detection-as-Code workflows, including:
    • Writing and tuning detection rules
    • Managing rule repositories in GitLab with clear documentation
    • Testing open-source detection content prior to production use
  • Leverage Elastic Machine Learning for anomaly detection and alerting
  • Manage and deploy security tool integrations to ingest and normalize log data


ACAS / Vulnerability & Compliance Management
  • Fully manage ACAS from backend to frontend, including:
    • Server, agent, plugin, and STIG updates
    • Active scan configuration and compliance profile maintenance
  • Support Government ISSOs/ISSEs with vulnerability and compliance reporting
  • Coordinate with automation teams for high-side visibility and monitoring


ISSO / Compliance Support (Zero Trust Environment)
  • Act as an ISSO Subject Matter Expert supporting ATO advancement
  • Develop waiver documentation, mitigating factors, and control justifications
  • Support STIG management, SSP updates, and security policy development
  • Collaborate with engineering teams on secure architecture and design changes
  • Balance compliance requirements with innovation and mission needs


JIRA & Change Control Support
  • Support JIRA workflow design and management for:
    • CCB activities
    • STIGs, vulnerabilities, and security workflows
  • Assist with automation tied to provisioning, account creation, and system deployment


Cyber Threat Intelligence (Open Source)
  • Identify and curate high-quality open-source threat intelligence feeds
  • Integrate threat intelligence into detections, dashboards, and endpoint tools
  • Create STIX bundles for ingestion into security platforms
  • Optional Python scripting to support automation and intelligence processing


Documentation & Executive Engagement
  • Produce clear documentation including:
    • Installation guides
    • Security procedures and best practices
    • Tool usage and training materials
  • Support executive-level demonstrations and briefings using dashboards and security narratives
  • Present technical content to senior stakeholders (CIO, C3, C33 leadership)


Required Qualifications
  • Experience in Blue Team, Purple Team, or Detection Engineering roles
  • Strong hands-on experience with Elastic (SIEM/XDR)
  • Incident response planning, testing, and execution experience
  • Experience managing ACAS/Nessus and STIG-based compliance
  • Understanding of Zero Trust security principles
  • Ability to write and maintain detection logic and security documentation
  • Experience collaborating across engineering, SOC, and compliance teams


Preferred / Nice-to-Have
  • Detection-as-Code experience using Git/GitLab
  • Elastic Machine Learning experience
  • Python scripting for security automation
  • Open-source threat intelligence integration
  • Prior ISSO, ISSE, or compliance SME experience
  • Experience briefing executive or government leadership


Why This Role Matters

This position sits at the intersection of security operations, engineering, and compliance, directly influencing detection quality, incident readiness, and ATO success. You will have real ownership, real impact, and visibility across both technical teams and senior leadership.

Clearance Requirement

Active TS/SCI with Polygraph is required for this position. Candidates must be eligible to work on classified systems in a highly secure environment.

Education/Experience

Bachelor's degree in Computer Science or a related field is required. At least 14 years of relevant experience, or 5 additional years of relevant experience.

Salary: $180,000-$225,000. This represents the typical salary range for this position, but is not guaranteed. Salary is based on experience, location and contractual requirements which could fall outside of the range listed.
About Us
Tensley Consulting Inc. is a Service-Disabled Veteran-Owned Small Business focused on mission engineering in support of the United States Intelligence Community and the Department of Defense. Our team consists of System Engineers, Software Engineers, Test Engineers, Signal Analysts and Intelligence Analysts.
